Jamf Developer Series, Advanced Searches

This is the first in a series of blogs aimed at consumers of Jamf’s Developer Tools - our APIs and Webhooks. These resources are often leveraged by third parties creating integrations or tools that work with Jamf, many of which can be found on the Jamf Marketplace. If your organization is interested in creating a Jamf integration, reach out about becoming a Jamf Solution Partner, and we’d be happy to talk discuss your workflows.

November 17 2020 by

Sam Weiss

The Jamf API is often used to gather data about devices. It may seem easy to loop through all devices and return all the information, but there are more performant ways to build an integration. We’re going to discuss Advanced Searches and then highlight two of our Solution Partners, Cisco and Tugboat Logic who leverage these Advanced Searches with the Jamf API for compliance integrations.

Advanced Searches

Advanced Searches are a valuable component of Jamf Pro for administrators. They allow for a more granular display of data around computers, mobile devices and users. An Advanced Search gives the ability to display only the inventory fields an administrator wants to see and allows for configuring criteria to display only the devices or users that meet that criteria (filtering).

Advanced Searches are even more valuable when building programmatic integrations to Jamf Pro via the Classic API. A common task when developing an integration is to export inventory data from Jamf Pro into an external system. The normal method of export for this is to loop through all devices or users by performing a GET request on their individual ID. For an individual computer, this would look something like: GET /computers/id/{id}. The response body for this API request can be quite large since it contains virtually all of the information that Jamf Pro collects about a managed computer. Since most integrations don’t require every single piece of information about a device, this request can cause unnecessary system load and network traffic. A better approach for many use cases is to leverage an Advanced Search.

The first step to leveraging an Advanced Search via the Classic API is to create the search with the desired criteria and display fields. For an Advanced Computer Search you would perform a POST request to the /advancedcomputersearches/id/{id} endpoint. The request body should contain attributes such as “name”, “criteria”, and “display_fields” to properly create the Advanced Search and you should use 0 as the {id} in the URI. A basic example of the request body would look like the following:

A 201 HTTP status code will be returned if the POST was successful, along with the id of the newly created Advanced Search. Specific details on the required request body can be found in the documentation for the advancedcomputersearches endpoints on the Jamf Developer Portal.

Once the Advanced Search is created you must actually return the results of the search. You can easily do this by using the same URI you used to POST the request initially but use a GET method instead. You’ll also want to replace the {id} with the id of the newly created Advanced Search that was returned in the POST request. In the case of an Advanced Computer Search, this will return a response body that includes the details of the search and also the list of computers that meet the search criteria along with their configured display fields.

A final (optional) step is to delete the Advanced Search if it won’t be needed again. This could be done in scenarios where Advanced Searches need to be created on the fly with different criteria or display fields. Deleting an Advanced Search keeps the Jamf Pro administrator interface clean as each Advanced Search created via the API displays in the web interface. Deleting an Advanced Search follows the same pattern as creating or viewing one except you’ll use the DELETE method instead of a POST or GET.

Example Integrations

While it might seem like an extra step, leveraging an Advanced Search benefits not only the endpoint consuming your data but also the Jamf server. Jamf and our admins appreciate well made integrations and we’re excited to highlight two integrations that incorporate programmatic advanced searches into their products.

Tugboat Logic is a security assurance platform that helps organizations pass security audits like SOC 2, PCI, ISO 27001 and more. The process to obtain these certifications are typically complex and mysterious, but Tugboat Logic takes a different approach. By integrating directly with security tools like Jamf Pro via the API, Tugboat Logic can help customers automatically collect evidence that their workstations are compliant with the standards of their chosen security framework.

Advanced Searches are used in this integration because they allow them to query their customers’ Jamf Pro environments and extract only the information that is relevant to their auditor, such as password configurations and disk encryption settings.

“For our customers, collecting evidence that security controls are in place is the most time consuming part of any audit project” said Taylor Johnson, Senior Product Manager at Tugboat Logic. “Integrating with the Jamf Pro API has allowed us to automate this process on their behalf, and gives them the confidence that they will always have the data on hand to meet any auditor’s evidence requests.”

More information about Tugboat Logic and Jamf Pro can be found on the Jamf Marketplace.

Cisco — the worldwide leader in internet networking —provides products that enable connectivity in sprawling multi-campus facilities just as well as employees working from home. Cisco Identity Services Engine (ISE) streamlines network policy management by integrating directly with Jamf Pro.

Cisco ISE protects environments by seamlessly connecting only compliant Apple devices to the network and offers a remediation path for those that are not compliant. This type of contextually aware security policy is often powered by APIs, and Cisco ISE in particular is powered by a call to an Advanced Search that defines compliance. This is advantageous because our admins are empowered to create their own definition of compliance based on any inventory criteria, and not limited by vendor imposed assumptions, which allows other third-party tools that integrate with Jamf to contribute to this security stature.

Whether you’re a customer automating workflows or an ISV creating new product offerings or integrations with Jamf Pro, the API is one of Jamf’s Developer tools that can help you be successful. They’re easy to get started with, and concepts like Advanced Searches help you narrow in focus to create secure and performant integrations. Stay tuned for the next post in our Jamf Developer Series on the flexibility of Extension Attributes.

Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.